Meeting PCI DSS requirements
PCI (Payment Card Industry) DSS (Data Security Standard) requires that companies that store, process or transmit credit cardholder data comply with the standard. Our client had 1,000 locations in North America, each with multiple points of sale (POS) that collect and process credit card information.
Our experts were called in to help company management ensure compliance with PCI DSS processes and technology.
CHT consultants worked closely with company management to provide a comprehensive solution and to act as a trusted advisor.
Engagement components and methodology:
- Scope Definition and Assessment
- Initial Risk Assessment and Gap Analysis
- Gap Advisory and Remediation Plan
- Point-to-point Encryption Solution
- Ongoing Monitoring and Compliance
Success Outcomes & Value-Add
Through a better understanding of the company's business processes, our consultants were able to identify other PII (Personally Identifiable Information) that was being collected at all the POS locations and that had to be further secured and protected. Furthermore, our consultants were able to help the company prioritize and reduce the scope of work required for compliance.
CHT continues to support the client by providing training and educational awareness on the compliance standards. In addition, value-added consultation on monitoring is provided to the company on a project basis.